IP Routing
IP Routing
Section titled “IP Routing”IP routing is the process by which RouterOS examines the destination IP address of a packet and determines the next hop where the packet should be forwarded. This document covers the fundamental concepts of IP routing in RouterOS, including the routing information base, route types, route selection logic, and practical configuration examples.
Overview
Section titled “Overview”RouterOS maintains routing information in several databases that work together to enable efficient packet forwarding. The routing information base (RIB) stores all known routes, while the forwarding information base (FIB) contains the routes actively used for forwarding. The kernel maintains the forwarding database and performs the actual packet forwarding operations.
When a packet arrives at the router, the routing subsystem performs a lookup in the FIB to determine the appropriate next hop based on the destination IP address. This lookup follows a longest prefix match algorithm, where the most specific matching route takes precedence over less specific routes. If no matching route exists, the packet is either forwarded to a default route or discarded with an ICMP destination unreachable message.
RouterOS supports multiple routing tables, enabling advanced policy routing scenarios where different traffic classes can use different routing tables based on routing marks or other criteria. The main routing table (identified as main or number 254) contains the primary routes used for regular packet forwarding, while additional tables support VRF-lite implementations and complex traffic engineering requirements.
Routing Information Base
Section titled “Routing Information Base”The routing information base contains all routes known to the router, regardless of their source. Routes in the RIB can originate from directly connected networks, static configurations, or dynamic routing protocols. Each route entry includes the destination prefix, gateway, metric, administrative distance, and various flags that influence how the route is used.
Connected Routes
Section titled “Connected Routes”Connected routes are automatically created for each IP address configured on the router’s interfaces. These routes represent the networks directly attached to the router and have an administrative distance of 0, making them the most preferred routes in the routing table. Connected routes cannot be deleted manually; they are removed automatically when the corresponding IP address is removed from the interface.
# View connected routes/ip route print where disabled=no && routing-mark="" && pref-src=""Connected routes serve as the foundation for all routing decisions. When the router needs to forward a packet to a destination within a directly connected network, it uses ARP to resolve the destination MAC address and forwards the packet directly to the destination host without involving any routing protocol.
Default Route
Section titled “Default Route”The default route (also known as the gateway of last resort) matches all destinations that have no more specific route in the routing table. In RouterOS, the default route is identified by the destination address 0.0.0.0/0 for IPv4 or ::/0 for IPv6. When no specific route matches a packet’s destination, the default route provides a fallback path to the internet or upstream network.
# Configure default route/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1
# Configure IPv6 default route/ipv6 route add dst-address=::/0 gateway=fe80::1%ether1Default routes are commonly used in edge router configurations where a single upstream connection provides access to all external networks. The upstream router’s IP address serves as the default gateway, handling all traffic destined for networks not locally connected to the router.
Route Selection
Section titled “Route Selection”RouterOS evaluates routes using a well-defined preference order that considers multiple factors to select the best route to each destination. Understanding this selection process is essential for predicting routing behavior and troubleshooting routing issues.
Selection Criteria
Section titled “Selection Criteria”The route selection process follows this hierarchy:
- Longest Prefix Match: The route with the most specific (longest) prefix matching the destination is selected
- Administrative Distance: For routes with equal prefix length, the route with the lowest administrative distance wins
- Metric: When administrative distances are equal, the route with the lowest metric is preferred
- Age: Routes learned earlier are preferred over newer routes with identical attributes
The default administrative distances in RouterOS are:
| Route Type | Distance |
|---|---|
| Connected | 0 |
| Static | 1 |
| BGP (EBGP) | 20 |
| OSPF | 110 |
| RIP | 120 |
| BGP (IBGP) | 200 |
# View routes with details including distance/ip route print detail
# Filter routes by destination/ip route print where dst-address=10.0.0.0/8Hardware Offloaded Routes
Section titled “Hardware Offloaded Routes”RouterOS supports hardware offloading for certain routes, particularly those involving switching chips on supported hardware. Hardware-offloaded routes are processed by the switch chip rather than the CPU, enabling line-rate forwarding without CPU overhead. Routes are eligible for hardware offloading when they involve VLANs, bridges, or other switching features supported by the hardware.
# Check if route is hardware offloaded/ip route print where dst-address=192.168.0.0/24
# View route flags - H indicates hardware offloaded/ip route printRoutes marked with the H flag in the route table are being hardware-offloaded. Not all routes support hardware offloading; complex routing scenarios involving policy routing, NAT, or tunneling typically require CPU processing.
Multipath (ECMP) Routes
Section titled “Multipath (ECMP) Routes”Equal-Cost Multi-Path (ECMP) routing enables the router to use multiple routes to the same destination when those routes have equal preference. ECMP provides automatic load balancing across multiple paths, improving bandwidth utilization and providing redundancy in case one path fails.
Configuring ECMP
Section titled “Configuring ECMP”# Add multiple routes with equal cost to same destination/ip route add dst-address=10.0.0.0/24 gateway=192.168.1.1/ip route add dst-address=10.0.0.0/24 gateway=192.168.2.1
# Verify ECMP routes/ip route print where dst-address=10.0.0.0/24ECMP routes appear as separate entries in the routing table with the same destination prefix. The router distributes traffic across these routes based on the configured ECMP mode.
ECMP Modes
Section titled “ECMP Modes”RouterOS supports several ECMP modes that determine how traffic is distributed across multiple paths:
# Configure ECMP mode in routing settings/routing/settings set ecmp-mode=persistent
# Available modes:# - auto - Automatically select best mode# - persistent - Consistent hashing per-connection# - legacy - Round-robin per-packet- auto: RouterOS selects an appropriate algorithm based on hardware capabilities
- persistent: Uses consistent hashing so packets from the same connection always use the same path, preserving TCP session integrity
- legacy: Distributes packets in round-robin fashion without considering connection state
# Enable L3 encoding for asymmetric path consistency/routing/settings set l3-encoding=yesThe l3-encoding setting incorporates the source IP address into the load balancing hash, helping ensure return traffic follows the same path as outbound traffic in asymmetric routing scenarios.
Nexthop Lookup
Section titled “Nexthop Lookup”The nexthop lookup process determines the immediate next-hop IP address and outgoing interface for each route. When a route specifies a gateway, the router must resolve that gateway IP address to a MAC address on the outgoing interface using ARP (for IPv4) or neighbor discovery (for IPv6).
# View nexthop resolution/ip route print detail
# Check ARP table for resolved nexthops/ip arp print
# For IPv6/ipv6 neighbor printIf the gateway IP address is not directly reachable on the outgoing interface (i.e., it is not in the same subnet as the interface), the router performs a recursive lookup to find a route to the gateway itself. This recursive resolution continues until a directly connected route is found or the lookup fails.
# View routing table including recursive resolution/ip route printRoutes that require recursive resolution display the actual resolved gateway in parentheses in the route listing.
Route Storage and Management
Section titled “Route Storage and Management”RouterOS stores routing information in the routing table and provides commands for viewing, adding, modifying, and removing routes.
Viewing Routes
Section titled “Viewing Routes”# List all IPv4 routes/ip route print
# Show routes with details/ip route print detail
# Filter routes by gateway/ip route print where gateway=192.168.1.1
# Show only static routes/ip route print where type==static
# Show routes in a specific table/ip route print table=mainAdding Routes
Section titled “Adding Routes”# Add static route/ip route add dst-address=10.0.0.0/8 gateway=192.168.1.1
# Add route with specific distance/ip route add dst-address=10.0.0.0/8 gateway=192.168.1.1 distance=5
# Add route with routing mark (policy routing)/ip route add dst-address=10.0.0.0/8 gateway=192.168.2.1 routing-mark=custom-table
# Add IPv6 route/ipv6 route add dst-address=2001:db8::/32 gateway=fe80::1%ether1Route Maintenance
Section titled “Route Maintenance”# Disable a route (without removing)/ip route disable numbers=0
# Enable a disabled route/ip route enable numbers=0
# Remove a route/ip route remove numbers=0
# Comment a route/ip route set numbers=0 comment="Backup route"Configuration Examples
Section titled “Configuration Examples”Basic Static Routing
Section titled “Basic Static Routing”# Configure interface addresses/ip address add address=192.168.1.1/24 interface=ether1/ip address add address=10.0.0.1/24 interface=ether2
# Add default route to ISP/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.254
# Add route to remote network via second router/ip route add dst-address=172.16.0.0/12 gateway=10.0.0.254Backup Route with Distance
Section titled “Backup Route with Distance”# Primary route with lower distance/ip route add dst-address=10.0.0.0/24 gateway=192.168.1.1 distance=1
# Backup route with higher distance/ip route add dst-address=10.0.0.0/24 gateway=192.168.2.1 distance=10
# Verify route selection - lower distance should be active/ip route print where dst-address=10.0.0.0/24Policy Routing with Multiple Tables
Section titled “Policy Routing with Multiple Tables”# Create routing mark in firewall mangle/ip firewall mangle add chain=prerouting src-address=192.168.100.0/24 action=mark-routing new-routing-mark=isp2
# Add routes to separate routing tables/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 table=main/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.1 table=isp2
# Add route for marked traffic/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.1 routing-mark=isp2ECMP Load Balancing
Section titled “ECMP Load Balancing”# Configure ECMP for load balancing/routing/settings set ecmp-mode=persistent/routing/settings set l3-encoding=yes
# Add multiple equal-cost routes/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1
# Verify ECMP is active/ip route print where dst-address=0.0.0.0/0Troubleshooting
Section titled “Troubleshooting”Route Not Found
Section titled “Route Not Found”If traffic is not being routed as expected, verify the route exists and is enabled:
# Check if route exists for destination/ip route print where dst-address=<destination-ip>
# View all routes with status/ip route print
# Enable route debugging/system logging add topics=routing,debugRoute Not Selected
Section titled “Route Not Selected”When multiple routes exist but the wrong one is being used:
# Compare route distances and metrics/ip route print detail where dst-address=<destination>
# Check for more specific route taking precedence/ip route print where dst-address~"<destination-subnet>"Gateway Unreachable
Section titled “Gateway Unreachable”If the gateway is not reachable:
# Verify gateway is reachableping 192.168.1.1
# Check ARP resolution/ip arp print where address=192.168.1.1
# Verify interface is up/interface ethernet printHigh Route Count
Section titled “High Route Count”In networks with many routes:
# Count routes in table:put [/ip route find]->count
# Find routes with high metric/ip route print where metric>100
# Check for duplicate routes/ip route printVerify Route Installation
Section titled “Verify Route Installation”# Monitor routing table changes/ip route monitor
# Check FIB (forwarding database)/ip route print
# View routing statistics/routing protocol menuBest Practices
Section titled “Best Practices”- Use specific routes when possible: More specific routes take precedence and provide better control
- Configure backup routes: Use administrative distance for failover scenarios
- Monitor route health: Use routing monitors and logging to detect issues early
- Document routing policy: Maintain documentation of route purposes and intended behavior
- Test changes in staging: Verify routing changes before deploying to production
- Use route comments: Add descriptive comments to routes for easier troubleshooting
Related Topics
Section titled “Related Topics”- Routing Settings - Global routing configuration
- Policy Routing - Advanced routing with marks
- Static Routing - Static route configuration
- OSPF - Dynamic routing with OSPF
- BGP - Border Gateway Protocol